OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

bdx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: BDEA and Trust Frameworks

Mikkel, Thomas et al,


I’d like to introduce the notion of ‘Trust Frameworks’ for discussion as part of the BDEA (BEDA?) scope.  My apologies if I’m repeating topics from yesterday’s meeting, which I’m afraid I missed.


Various recently-posted committee documents touch on issues of security, trust, PKI infrastructure etc.  However, these fail to acknowledge that these are very general issues that are being addressed on an industry-wide.  The two main trust framework organizations are Kantara Initiative (which took over the work of the Liberty Alliance), and Open Identity eXchange (OIX).  The two organizations have announced that they are collaborating on certain topics.


Trust Frameworks aim to establish facilitate large-scale, federated identity management by profiling existing standards (notably OAuth, SAML, OpenID) around particular use cases.


It seems to me appropriate to the scope of this TC to:

a)      define relevant use cases within the BDEA context

b)      identify relevant use cases or profiles that may already have been established/published within existing Trust Frameworks

c)       conform BDEA use cases to existing best practices where possible

d)      as appropriate, to work with Trust Framework organizations to use case additions or extensions

e)      define conformant profiles for BDEA use cases around both technical, business and legal aspects of implementation


As a very preliminary, incomplete and perhaps overlapping list, BDEA “trust” use cases might include:

1.       Addressing: authenticating domain owners for creation of a new DNS Service Metadata record

2.       Supplier Network identity setup: automating creation of a new (supplier) identity on a supplier network

3.       Supplier authentication: validating that a new supplier identity does indeed correspond to an existing vendor record in the buyer’s system.

4.       Four-corner trusted party setup


I look forward to further discussion on this next week.


Best regards,

Roger Bass



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]